US Government Attacks Biggest Ransomware Hacker Gang



The US government, through its Department of Justice, claims to have succeeded in attacking and disrupting the operations of a ransomware hacker gang called Hive.

The Department of Justice (DOJ) admits that it took months to infiltrate and attack the hacker gang, as quoted from Engadget on Friday (27/1/2023).


The DOJ said Hive had attacked 1,500 victims spread across 80 countries, and received hundreds of millions of dollars in ransoms from its victims.



The US government was not alone in taking down the gang; it worked with law enforcement in the Netherlands and Germany. Together they seized Hive's servers and websites, which they expect will weaken the gang's ability to attack and extort its victims.


The DOJ's operation began in July 2022, when it first succeeded in infiltrating the Hive network. From there it was able to retrieve 300 decryption keys, which were then distributed to Hive ransomware victims. It also claimed to hold more than 1,000 keys for previous victims.





In this way, the DOJ claimed to have prevented USD 130 million in ransom payments. Even so, it admits that it is still investigating the gang and has not announced any arrests.


Hive is a hacker gang that uses the ransomware-as-a-service (RaaS) business model, in which the leader creates a ransomware variant with an easy-to-use interface.

This leader or admin then recruits affiliates to spread the ransomware to potential victims, by planting the ransomware in the victim's system and encrypting it.

They then demand a ransom in exchange for the key that unlocks the encryption, and promise not to publish the stolen data. If the victim pays, the ransom is split 80-to-20 between the affiliate who spread the ransomware and its creator.


And if the victim doesn't pay? The data is leaked on the internet.


Most of the methods Hive uses to gain initial access are single-factor logins over remote desktop and VPNs, exploits of a FortiToken loophole, and phishing emails carrying malware.
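The single-factor remote-access vector described above is something a defender can audit for directly. The following is an added example, not code from the article or from any of the agencies it cites: it sweeps a constructed, hypothetical JSON-lines authentication log and flags successful RDP or VPN logins from outside the organisation's own address ranges that did not present a second factor. The log schema (`service`, `user`, `src_ip`, `result`, `mfa`), the sample events and the internal network list are all assumptions made for the example.

```python
import ipaddress
import json
from typing import Dict, Iterable, List

# Constructed sample of JSON-lines remote-access auth events. The schema is
# hypothetical and the addresses are documentation ranges; this is not a real log.
SAMPLE_LOG = """
{"ts": "2023-01-20T08:01:12Z", "service": "rdp", "user": "jdoe", "src_ip": "203.0.113.7", "result": "success", "mfa": false}
{"ts": "2023-01-20T08:02:40Z", "service": "vpn", "user": "asmith", "src_ip": "198.51.100.22", "result": "success", "mfa": true}
{"ts": "2023-01-20T08:03:05Z", "service": "rdp", "user": "admin", "src_ip": "10.0.4.15", "result": "success", "mfa": false}
{"ts": "2023-01-20T08:04:51Z", "service": "vpn", "user": "svc-backup", "src_ip": "192.0.2.99", "result": "success"}
{"ts": "2023-01-20T08:05:30Z", "service": "rdp", "user": "jdoe", "src_ip": "203.0.113.7", "result": "failure", "mfa": false}
{"ts": "2023-01-20T08:06:02Z", "service": "ssh", "user": "ops", "src_ip": "203.0.113.50", "result": "success", "mfa": false}
"""

# Assumed internal address space; in practice this comes from the organisation's IPAM.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Services whose single-factor exposure the article singles out.
REMOTE_ACCESS_SERVICES = {"rdp", "vpn"}


def is_external(ip_text: str) -> bool:
    """True when the source address is outside every configured internal range.
    An unparseable address is treated as external so it is not silently trusted."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return True
    return not any(addr in net for net in INTERNAL_NETS)


def parse_events(raw: str) -> List[Dict]:
    """Parse JSON-lines text into event dicts, skipping blank or malformed lines."""
    events = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # one bad line should not abort the whole sweep
    return events


def find_single_factor_remote_logins(events: Iterable[Dict]) -> List[Dict]:
    """Successful RDP/VPN logins from external addresses without a second factor.
    A missing 'mfa' field counts as no MFA: unlabelled events are treated as the
    weaker case rather than assumed safe."""
    hits = []
    for ev in events:
        if ev.get("service") not in REMOTE_ACCESS_SERVICES:
            continue
        if ev.get("result") != "success":
            continue
        if ev.get("mfa") is True:
            continue
        if not is_external(ev.get("src_ip", "")):
            continue
        hits.append(ev)
    return hits


def summarize(hits: Iterable[Dict]) -> Dict[str, int]:
    """Count findings per account so a responder knows which users to review first."""
    counts: Dict[str, int] = {}
    for ev in hits:
        counts[ev["user"]] = counts.get(ev["user"], 0) + 1
    return counts


if __name__ == "__main__":
    findings = find_single_factor_remote_logins(parse_events(SAMPLE_LOG))
    for ev in findings:
        print(f"{ev['ts']} {ev['service']:>3} user={ev['user']} "
              f"src={ev['src_ip']} mfa={ev.get('mfa', 'absent')}")
    print(summarize(findings))
```

Two design choices matter here: the check uses the organisation's own internal ranges rather than a generic "is this IP public" test, because what a defender cares about is access that crosses the perimeter; and an absent `mfa` field is flagged, since an event that cannot prove a second factor was used is exactly the kind of login this vector relies on.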


"Last night the DOJ busted an international ransomware network that was responsible for extortion and attempted extortion of hundreds of millions of dollars from its victims in the United States and other countries. We will continue to work to prevent attacks like this and provide support to victims. And with our international partners, we will continue to disrupt the criminal network that propagated this attack," said Merrick Garland, US Attorney General.
